Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
"Bus topology"
|
"A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel# each station receives it. Each station then determines# based on an address contained in the message# whether to accept and process the message or simply to ignore it."
|
|
|
"Business impact analysis (BIA)"
|
"An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time# identifies the minimum resources needed to recover and prioritizes the recovery of processes and supporting systems"
|
|
|
"business process integrity"
|
"Controls over the business processes that are supported by the ERP"
|
|
|
"Business process reengineering (BPR)"
|
"Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure# more responsive to the customer base and market conditions# while yielding material cost savings. To reengineer means to redesign a structure and procedures with intelligence and skills# while being well informed about all of the attendant factors of a given situation# so as to obtain the maximum benefits from mechanization as basic rationale."
|
|
|
"Business risk"
|
"Risks that could impact the organization’s ability to perform business or provide a service. They can be financial# regulatory or control oriented."
|
|
|
"Business-to-consumer e-commerce (B2C)"
|
"Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology."
|
|
|
"Bypass label processing (BLP)"
|
"A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system."
|
|
|
"CAATs"
|
"See computer-assisted audit techniques"
|
|
|
"Cadbury"
|
"The Committee on the Financial Aspects of Corporate Governance# set up in May 1991 by the UK Financial Reporting Council# the London Stock Exchange and the UK accountancy profession# was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known# in the UK# as the Cadbury Report."
|
|
|
"Capacity stress testing"
|
"Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing."
|
|
|
"Card swipes"
|
"A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes# if built correctly# act as a preventative control over physical access to those sensitive locations. After a card has been swiped# the application attached to the physical card swipe device logs all card users that try to access the secured location. The card swipe device prevents unauthorized access and logs all attempts to enter the secured location."
|
|
|
"Cathode ray tube (CRT)"
|
"A vacuum tube that displays data by means of an electron beam striking the screen# which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed"
|
|
|
"Central office (CO)"
|
"A telecommunications carrier’s facilities in a local area in which service is provided where local service is switched to long distance"
|
|
|
"Central processing unit (CPU)"
|
"Computer hardware that houses the electronic circuits that control/direct all operations of the computer system"
|
|
|
"Centralized data processing"
|
"Identified by one central processor and databases that form a distributed processing configuration"
|
|
|
"Certificate authority (CA)"
|
"A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates"
|
|
|
"Certificate Revocation List"
|
"A list of retracted certificates"
|
|
|
"Challenge/response token"
|
"A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server# the server sends the user a ""challenge#"" which is a random value. The user enters a password# which is used as an encryption key to encrypt the ""challenge"" and return it to the server. The server is aware of the password. It# therefore# encrypts the ""challenge"" value and compares it with the value received from the user. If the values match# the user is authenticated. The challenge/response activity continues throughout the session and this protects the session from password sniffing attacks. In addition# CHAP is not vulnerable to ""man in the middle"" attacks as the challenge value is a random value that changes on each access attempt."
|
|
|
"Check digit"
|
"A numeric value# which has been calculated mathematically# is added to data to ensure that original data have not been altered or that an incorrect# but valid match has occurred. This control is effective in detecting transposition and transcription errors."
|
|
|
"Check digit verification (self-checking digit)"
|
"A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit"
|
|
|
"Checkpoint restart procedures"
|
"A point in a routine at which sufficient information can be stored to permit restarting the computation from that point"
|
|
|
"Ciphertext"
|
"Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader."
|
|
|
"Circuit-switched network"
|
"A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network."
|
|
|
"Circular routing"
|
"In open systems architecture# circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model."
|
|
|
"Cleartext"
|
"Data that is not encrypted. Also known as plaintext."
|
|
|
"Client-server"
|
"A group of computers connected by a communications network# where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it is transparent to the user."
|
|
|
"Cluster controller"
|
"A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver."
|
|
|
"Coaxial cable"
|
"It is composed of an insulated wire that runs through the middle of each cable# a second wire that surrounds the insulation of the inner wire like a sheath# and the outer insulation which wraps the second wire. Coaxial cable has a greater transmission capacity than standard twisted-pair cables but has a limited range of effective distance."
|
|
|
"COBIT®"
|
"Control Objectives for Information and related Technology# the international set of IT control objectives published by ISACF#® 2000# 1998# 1996"
|
|
|
"COCO"
|
"Criteria Of Control# published by the Canadian Institute of Chartered Accountants in 1995"
|
|
|
"Cohesion"
|
"The extent to which a system unit--subroutine# program# module# component# subsystem--performs a single dedicated function. Generally# the more cohesive are units# the easier it is to maintain and enhance a system# since it is easier to determine where and how to apply a change."
|
|
|
"Cold site"
|
"An IS backup facility that has the necessary electrical and physical components of a computer facility# but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility."
|
|
|
"Combined Code on Corporate Governance"
|
"The consolidation in 1998 of the ""Cadbury#"" ""Greenbury"" and ""Hampel"" Reports. Named after the Committee Chairs# these reports were sponsored by the UK Financial Reporting Council# the London Stock Exchange# the Confederation of British Industry# the Institute of Directors# the Consultative Committee of Accountancy Bodies# the National Association of Pension Funds and the Association of British Insurers to address the Financial Aspects of Corporate Governance# Directors' Remuneration and the implementation of the Cadbury and Greenbury recommendations."
|
|
|
"Communications controller"
|
"Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer# thus freeing the main computer from this overhead function"
|
|
|
"Comparison program"
|
"A program for the examination of data# using logical or conditional tests to determine or to identify similarities or differences"
|
|
|
"Compensating control"
|
"An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions"
|
|
|
"Compiler"
|
"A program that translates programming language (source code) into machine executable instructions (object code)"
|
|
|
"Completeness check"
|
"A procedure designed to ensure that no fields are missing from a record"
|
|
|
"Compliance testing"
|
"Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period"
|
|
|
"Components (as in component-based development)"
|
"Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However# the goal of component-based development is to ultimately use as much predeveloped# pretested components as possible."
|
|
|
"Comprehensive audit"
|
"An audit designed to determine the accuracy of financial records# as well as evaluate the internal controls of a function or department"
|
|
|
"Computationally greedy"
|
"Requiring a great deal of computing power; processor intensive"
|
|
|
"Computer sequence checking"
|
"Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research"
|
|
|
"computer server"
|
"1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client)."
|
|
|
"Computer-aided software engineering (CASE)"
|
"The use of software packages that aid in the development of all phases of an information system. System analysis# design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatically. CASE can be installed on a microcomputer for easy access."
|
|
|
"Computer-assisted audit technique (CAATs)"
|
"Any automated audit technique# such as generalized audit software# test data generators# computerized audit programs and specialized audit utilities"
|
|
|
"Concurrent access"
|
"A fail-over process# in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently"
|
|
|
"Confidentiality"
|
"Confidentiality concerns the protection of sensitive information from unauthorized disclosure"
|
|
|
"Console log"
|
"An automated detail report of computer system activity"
|
|
|
"consumer"
|
"One who obtains products or services from a bank to be used primarily for personal# family or household purposes."
|
